TOMOYO Linux
 |
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (September 2010) |
 |
|
| Original author(s) | NTT Data Corporation |
|---|---|
| Operating system | Linux |
| Type | Mandatory Access Control |
| License | GPL v2 |
| Website | http://tomoyo.sourceforge.net/ |
TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux operating systems. Despite its name, it is not a Linux distribution.
Contents |
[edit] Overview
TOMOYO Linux is a MAC implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and is sponsored by NTT Data Corporation, Japan.
TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.
[edit] Features
The main features of TOMOYO Linux include:
- System analysis
- Increased security through Mandatory Access Control
- Automatic policy generation
- Simple syntax
- Ease of use
[edit] History and versions
![[icon]](/web/20120506234655/http://en.wikipedia.org/wiki/File:Wiki_letter_w_cropped.svg){kind=small} |
This section requires expansion. |
It has been merged in Linux Kernel mainline version 2.6.30 (2009, June 10);[1] it is currently one of four standard LSM modules, along with SELinux, AppArmor and SMACK.
The TOMOYO Linux project started as a patch for the Linux kernel to provide MAC functionality. Porting TOMOYO Linux to the mainline Linux kernel required the introduction of new hooks[2] into the Linux Security Modules (LSM), which had been designed and developed specifically to support SELinux and its label-based approach.
However, more hooks are needed to port all the remaining MAC functionality of TOMOYO Linux to the mainline version. Consequently, the project is following two parallel development lines:
- TOMOYO Linux 1.x, original version
- uses purposely created non-standard hooks
- fully featured MAC
- released as a patch for Linux kernel - Since this version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.
- latest version: 1.7.1
- TOMOYO Linux 2.x, mainline version
- uses standard LSM hooks
- less features
- integral part of Linux kernel version 2.6.30
- latest version: 2.5.0 included in Linux kernel 3.2
Check the detailed differences in the Comparison chart of 1.x and 2.x.
[edit] See also
[edit] References
- ^ "TOMOYO Linux, an alternative Mandatory Access Control". Linux 2 6 30. Linux Kernel Newbies. http://kernelnewbies.org/Linux_2_6_30#head-eeb259e0ba81d96d59015b8f79456d9a5283c650.
- ^ "TOMOYO #14 patch submission to LKML". LWN.net. http://lwn.net/Articles/313346/.
[edit] External links
- TOMOYO Linux project
- TOMOYO Linux at Embedded Linux Wiki
- LWN : TOMOYO Linux and pathname-based security
- Tomoyo - Debian Wiki
- TOMOYO Linux - ArchWiki
 |
This Linux-related article is a stub. You can help Wikipedia by expanding it. |
 |
This computing article is a stub. You can help Wikipedia by expanding it. |
